###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/11/10 ~ 2025/11/14 1.重大弱點漏洞/後門/Exploit/Zero Day 國家級駭客鎖定思科與Citrix零時差漏洞從事攻擊 https://www.ithome.com.tw/news/172219 中國駭客鎖定思科防火牆漏洞，對全球政府機關發動攻擊 https://www.ithome.com.tw/news/172176 Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html Cisco 一週內修補三大產品漏洞　UCCX、ISE 與防火牆攻擊變種威脅升級 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12427 ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories https://thehackernews.com/2025/11/threatsday-bulletin-cisco-0-days-ai-bug.html 微軟修補Windows核心已遭利用的權限提升漏洞 https://www.ithome.com.tw/news/172207 Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack https://thehackernews.com/2025/11/microsoft-fixes-63-security-flaws.html CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks https://thehackernews.com/2025/11/cisa-flags-critical-watchguard-fireware.html 熱門 AI 推論伺服器 Ollama 與 NVIDIA Triton 爆多項高危險漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12433 WinRAR零時差漏洞出現攻擊行動，駭客組織Bitter用於攻擊南亞政府 https://gbhackers.com/winrar-vulnerability-2/ SAP修補SQL Anywhere Monitor與Solution Manager近滿分漏洞 https://www.ithome.com.tw/news/172193 檔案共享平臺Triofox已知漏洞遭利用，駭客濫用檔案掃描機制，以SYSTEM權限執行惡意指令碼 https://www.ithome.com.tw/news/172184 CISA警告三星零時差漏洞已被用於實際攻擊，聯邦機構需限期修補 https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-samsung-zero-day-used-in-spyware-attacks/ JavaScript程式庫expr-eval存在重大漏洞，若不處理攻擊者可遠端執行任意程式碼 https://www.bleepingcomputer.com/news/security/popular-javascript-library-expr-eval-vulnerable-to-rce-flaw/ runC存在高風險弱點，攻擊者恐藉此逃脫容器隔離 https://www.ithome.com.tw/news/172151 Ollama、Nvidia推論伺服器存在資安弱點，AI基礎設施恐隨之曝險 https://www.darkreading.com/vulnerabilities-threats/ollama-nvidia-flaws-ai-infrastructure-risk Claude API存在漏洞，可被用於竊取資料 https://www.ithome.com.tw/news/172139 2.銀行/金融/保險/證券/金融監理 新聞及資安 惡意軟體Maverick鎖定巴西大型銀行用戶，透過網頁版WhatsApp挾持瀏覽器連線階段 https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html 高科技業逾5成上雲，金融業緊追，台灣企業AI安全需求成長30% https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12445 金管會約談、金檢10家銀行 民營金控旗下銀行幾乎全數入列 https://udn.com/news/story/7239/9136073 普發一萬銀行帳號遭鎖？　金管會清查完成「非屬實」 https://finance.ettoday.net/news/3067644 普發一萬入帳「帳戶被鎖變警示戶」原因為何？10家銀行解鎖方法！看的到領不到，金管會出手了 https://www.businesstoday.com.tw/article/category/183030/post/202511130019/ 民眾登記領普發1萬被鎖帳戶 銀行：多與其他風險列管有關 https://news.pts.org.tw/article/781382 普發一萬17日開放郵局銀行ATM提領　指定機構、操作流程一次看 https://www.cna.com.tw/news/afe/202511140181.aspx 3.信用卡/電子支付/行動支付/pay/支付系統/資安 Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html 俄羅斯駭客建置4,300個假旅遊網站，目的是竊取旅館住客的付款資訊 https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html 行動支付成詐騙溫床　瑞芳警超前部署攜手全聯防詐 https://ctinews.com/news/items/byWjKpYgaY 從全支付事件瞭解現行電子支付機制設計及防詐意識 https://tfc-taiwan.org.tw/understanding-e-payment-mechanisms-and-fraud-awareness-from-quanpay-incident/ JR東日本Suica明年秋天升級行動支付功能 挑戰PayPay地位 https://www.rti.org.tw/news?uid=3&pid=174806 全支付盜刷事件　金管會：11／6通報重大偶發 https://finance.ettoday.net/news/3065776 全支付屢傳盜刷案！電子支付綁定信用卡「比銀行帳戶更安全」？金管會給答案 https://www.storm.mg/lifestyle/11080845 全支付傳遭盜刷通報重大偶發　金管會：17日前交報告 https://www.cna.com.tw/news/afe/202511110321.aspx 全支付事件後的信任危機：金融科技高速成長與資安治理落差的拉扯 https://www.thenewslens.com/article/260915 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Fake Chrome Extension "Safery" Steals Ethereum Wallet Seed Phrases Using Sui Blockchain https://thehackernews.com/2025/11/fake-chrome-extension-safery-steals.html 假瀏覽器延伸套件濫用區塊鏈Sui，意圖洗劫受害者以太坊錢包 https://thehackernews.com/2025/11/fake-chrome-extension-safery-steals.html 中國懷疑美國早就盜走陳志150億美元比特幣 https://www.ithome.com.tw/news/172194 加密貨幣能取代美元？蔡正元直言「那個時代還沒來」：各國央行現在瘋搶這個 https://www.storm.mg/article/11080413 加密貨幣牛市已結束？Ben Cowen 談山寨幣：別再相信你的投資組合會翻倍 https://abmedia.io/ben-cowen-bonny-blockchain 彭博爆料日本交易所正研究「抵制DAT公司」：減少如 Metaplanet 囤積加密貨幣亂象 https://www.blocktempo.com/jpx-tightens-dat-crypto-curbs/ 聯邦設「打詐小組」 鎖定殺豬盤、中國加密貨幣詐騙 https://www.worldjournal.com/wj/story/124277/9137023 紐約梅隆銀行推出穩定幣儲備專用基金，為發行商提供合規性與高流動性 https://zombit.info/bny-launches-money-market-fund-for-stablecoin-issuers/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 勒索軟體Akira將加密資料的範圍延伸到Nutanix虛擬機器 https://www.ithome.com.tw/news/172246 蠕蟲程式GlassWorm再度於Open VSX現身，惡意套件被下載近1萬次 https://www.ithome.com.tw/news/172137 惡意NuGet套件鎖定工控設備及3種常見的資料庫而來，以亂數方式決定是否中止應用程式執行 https://www.ithome.com.tw/news/172145 遭執法單位圍剿的DanaBot另起爐灶，採用洋蔥網路及反向連接節點來隱匿攻擊來源 https://www.bleepingcomputer.com/news/security/danabot-malware-is-back-to-infecting-windows-after-6-month-break/ 蠕蟲程式IndonesianFoods橫行，已在NPM孳生逾10萬個套件，恐影響開源生態 https://www.ithome.com.tw/news/172259 勒索軟體DragonForce出現變種，自帶驅動程式癱瘓EDR運作，修補研究人員透露的程式缺陷 https://securityonline.info/dragonforce-ransomware-evolves-with-byovd-to-kill-edr-and-fixes-encryption-flaws-in-conti-v3-codebase/ 針對2024年遭到勒索軟體攻擊，病理學暨診斷服務供應商Synnovis著手通報受影響的組織 https://www.bleepingcomputer.com/news/security/synnovis-notifies-of-data-breach-after-2024-ransomware-attack/ 惡意軟體掃描程式ImunifyAV存在RCE漏洞，數百萬個網站恐曝險 https://www.bleepingcomputer.com/news/security/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk/ 俄羅斯駭客坦承協助勒索軟體「閻羅王」犯案，從事初始存取管道掮客業務 https://www.bleepingcomputer.com/news/security/yanluowang-initial-access-broker-pleaded-guilty-to-ransomware-attacks/ 遠端管理工具SimpleHelp已知漏洞遭利用，駭客於英國部署勒索軟體Medusa與DragonForce https://www.ithome.com.tw/news/172234 中國駭客滲透意圖左右美國國際政策的非營利組織，濫用防毒元件載入惡意程式 https://www.ithome.com.tw/news/172229 惡意NPM套件鎖定GitHub擁有的儲存庫而來 https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs https://thehackernews.com/2025/11/glassworm-malware-discovered-in-three.html Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html 惡意軟體GootLoader捲土重來，藉由字型手法隱身在WordPress網站 https://thehackernews.com/2025/11/gootloader-is-back-using-new-font-trick.html GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites https://thehackernews.com/2025/11/gootloader-is-back-using-new-font-trick.html Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown https://thehackernews.com/2025/11/operation-endgame-dismantles.html Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns https://thehackernews.com/2025/11/ransomwares-fragmentation-reaches.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Google啟動Android開發者身分驗證新制，保留側載並新增學生與進階用戶方案 https://www.ithome.com.tw/news/172217 Google裝置追蹤工具遭濫用，北韓駭客Konni從事安卓裝置資料破壞攻擊 https://www.ithome.com.tw/news/172182 間諜軟體LandFall鎖定三星裝置零時差漏洞，透過WhatsApp傳送訊息得逞 https://www.ithome.com.tw/news/172135 Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers https://thehackernews.com/2025/11/android-trojan-fantasy-hub-malware.html Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware https://thehackernews.com/2025/11/samsung-zero-click-flaw-exploited-to.html WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 Downdetector解析AWS大當機災情，超過60個國家與3,500家公司受到影響 https://www.ithome.com.tw/news/172205 羅浮宮文物遭竊監視器卻無法運作，外界懷疑使用弱密碼和老舊系統釀禍 https://www.ithome.com.tw/news/172141 美國國會預算辦公室遭駭，茅頭指向境外國家級駭客 https://www.ithome.com.tw/news/172202 美國國會預算辦公室遭駭，外界懷疑是中國駭客所為 https://gbhackers.com/u-s-congressional-budget-office-hit-by-cyberattack/ 中國駭客滲透能左右美國國際政策的非營利組織 https://securityaffairs.com/184351/apt/china-linked-hackers-target-u-s-non-profit-in-long-term-espionage-campaign.html 中國駭客利用Claude Code完成8成以上的攻擊任務 https://www.ithome.com.tw/news/172249 全球執法終局行動再下一城，掃盪逾1,000臺惡意伺服器 https://www.ithome.com.tw/news/172257 Hyper-V 成駭客新武器！俄羅斯 APT 組織利用虛擬機躲避 EDR；ENISA 示警公部門攻擊激增 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12434 北韓駭客Lazarus對航太與國防機構從事網路間諜活動，透過惡意文件散布後門Comebacker https://gbhackers.com/lazarus-group/ 駭客組織xHunt針對Exchange與IIS伺服器而來，植入PowerShell打造的後門 https://gbhackers.com/xhunt-apt/ Microsoft Uncovers 'Whisper Leak' Attack That Identifies AI Chat Topics in Encrypted Traffic https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html Konni Hackers Turn Google's Find Hub into a Remote Data-Wiping Weapon https://thehackernews.com/2025/11/konni-hackers-turn-googles-find-hub.html From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools https://thehackernews.com/2025/11/from-log4j-to-iis-chinas-hackers-turn.html Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign https://thehackernews.com/2025/11/chinese-hackers-use-anthropics-ai-to.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 2025 Q3郵件威脅報告：資安防護機制反被利用　置換連結成攻擊者新武器 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12430 日立子公司GlobalLogic、英國衛福部的Oracle EBS系統也遭駭 https://www.ithome.com.tw/news/172222 華盛頓郵報Oracle EBS資料外洩事件影響近萬名員工與約聘人員 https://www.ithome.com.tw/news/172248 安聯英國子公司、華盛頓郵報名列Oracle EBS漏洞攻擊受害者最新名單 https://www.ithome.com.tw/news/172171 Google控告Lighthouse釣魚即服務幕後組織，並推動美國新法打擊詐騙 https://www.ithome.com.tw/news/172231 企業打擊冒名詐騙需跨域協作，Gogolook推防詐監控中心概念應對 https://www.ithome.com.tw/news/172200 2025社群冒名詐騙報告書出爐，偽冒「貸款申請」情境最嚴峻 https://www.ithome.com.tw/news/172199 加密未必保密，LLM串流封包大小與時序恐洩露對話主題 https://www.ithome.com.tw/news/172146 【公私聯防，打詐新四法上路後最大規模帳號停權】消滅7.3萬個可疑帳號！LINE如何從源頭斬斷詐騙鏈條 https://www.ithome.com.tw/news/172088 大規模ClickFix網釣鎖定旅館系統而來，散布惡意軟體PureRAT https://thehackernews.com/2025/11/large-scale-clickfix-phishing-attacks.html Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware https://thehackernews.com/2025/11/large-scale-clickfix-phishing-attacks.html Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack https://thehackernews.com/2025/11/over-46000-fake-npm-packages-flood.html Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform https://thehackernews.com/2025/11/google-sues-china-based-hackers-behind.html E.研究報告/工具 New Browser Security Report Reveals Emerging Threats for Enterprises https://thehackernews.com/2025/11/new-browser-security-report-reveals.html Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html CISO's Expert Guide To AI Supply Chain Attacks https://thehackernews.com/2025/11/cisos-expert-guide-to-ai-supply-chain.html Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security https://thehackernews.com/2025/11/active-directory-under-siege-why.html When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security https://thehackernews.com/2025/11/when-attacks-come-faster-than-patches.html F.商業 Google Launches 'Private AI Compute' — Secure AI Processing with On-Device-Level Privacy https://thehackernews.com/2025/11/google-launches-private-ai-compute.html Google Cloud 發布《2026 網路安全預測》報告 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12423 Google欲以320億美元買下資安業者Wiz，傳出通過美國政府反托拉斯審查 https://www.ithome.com.tw/news/172140 G.政府 【蒐整逾2PB影像資料，高雄打造可辨識逾百種情境的AI大腦】主權AI熟悉城市在地情境的關鍵 https://www.ithome.com.tw/news/172239 【高雄市以在地主權AI帶動城市治理新方法】靠AI自動回報異常事件，輔助市府第一時間決策應變 https://www.ithome.com.tw/news/172238 數位發展部推動防詐新生態 《網路詐騙通報查詢網3.0》開啟公私協力新階段 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000738075_CZALPLXN87FJKC4MGS483 數位發展部政務次長侯宜秀 AI跨域協作 邁向全球 https://udn.com/news/story/7241/9128254 網詐通報網3.0上線 跨平台 API＋AI 偵測 https://www.cio.com.tw/101894/ 標案遭指違規用中國製品　資安院：驗收人員沒注意到 https://www.cna.com.tw/news/aipl/202511050110.aspx 資安院孫偉哲主任：情資驅動的防護策略，製造業面對資安威脅的治理新模式 https://netmag.tw/2025/11/12/2025-saaff-hsinchu-keynote-1 資安院：短網址潛藏詐騙陷阱，常用於隱匿釣魚網站 https://infosecu.technews.tw/2025/11/10/short-urls-are-often-used-to-conceal-phishing-sites/ H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 QNAP 修補 7 項零日漏洞，台灣 NAS 用戶應立即更新系統 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12432 威聯通修補旗下產品一系列漏洞，其中漏洞挖掘競賽Pwn2Own揭露重大漏洞成為焦點 https://www.ithome.com.tw/news/172198 群暉修補Pwn2Own揭露的BeeStation私有雲端檔案共享平臺重大漏洞 https://securityonline.info/critical-synology-beestation-zero-day-cve-2025-12686-found-at-pwn2own-allows-remote-code-execution/ I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Hack The Box Meetup: #1 2025/11/15 https://www.meetup.com/meetup-group-ksunfhaf/events/311641592/ MaiCoin 小學堂-進階版 2025/11/16 https://www.accupass.com/event/2510290804011861255824 運用「直覺聊天介面」加速知識搜尋與決策 | 雲端技術講座 2025/11/18 https://www.accupass.com/event/2510070906172879494180 MaiCoin 講堂【寫在意外之前：遺囑與繼承基本觀】 2025/11/18 https://www.accupass.com/event/2510280157542083440124 Taipei dbt Meetup #41 Databricks + dbt 2025/11/19 https://www.meetup.com/taipei-dbt-meetup/events/311670084/ 發燒互動 2025 策略增長線上發表會｜AI時代的忠誠方程式！打造遊戲化顧客互動劇本 2025/11/19 https://www.accupass.com/event/2510211224041706619042 Get Feedback for Your Startup Pitch 2025/11/20 https://www.meetup.com/mnl-projects-for-founders-developers-tech-professionals/events/311541013/ 11月讀書分享- 詩 2025/11/20 https://www.meetup.com/taipeiwomenintech/events/311215444/ [On-Line] AWS Global Community Gatherings #13 2025/11/21 https://www.meetup.com/awsglobalcommunitygatherings/events/310622555/ Tech & Tea 2025/11/22 https://www.meetup.com/innovate-taiwan/events/311710516/ Amarathon 2025 2025/11/22 https://www.meetup.com/gcr-aws-usergroup/events/311779758/ Taiwan KUG Conference 2025 2025/11/22 https://www.meetup.com/taiwan-kotlin-user-group/events/311564439/ MaiCoin 反詐騙講座 2025/11/26 https://www.accupass.com/event/2510290804091189108084 Flutter Tokyo #11 2025/11/26 https://www.meetup.com/flutter-meetup-tokyo/events/311758235/ ISC2 Taipei Chapter 2025年第二屆第二次會員大會暨「共益資安 共榮台灣」資訊安全研討會 2025/11/29 https://isc2taipei.kktix.cc/events/2025agm Atelli × Meta ｜廣告新時代 使用A.I Agent找到高價值客群 2025/12/3 https://www.accupass.com/event/2510150230273871962330 Threat Analyst Summit 2025 威脅分析師高峰會 2025/12/3 - 2025/12/4 https://teamt5.kktix.cc/events/tas2025 從 AI 浪潮看 2026 資安挑戰與治理策略 2025/12/5 https://www.accupass.com/event/2509190930571905392080 國立臺北商業大學資管系AI賦能論壇 2025/12/6 https://www.accupass.com/event/2510150928422567903790 2025 INSIDE Future Day｜人機共築未來新紀元：Next - Gen AI Agents 2025/12/9 https://www.accupass.com/event/2508170359001755695360 軟體開發安全意識與 .NET/Java 安全程式開發課程 2025/12/11-2025/12/12 https://www.accupass.com/event/2501021437092334513410